The Institute of Operational Risk (IOR) has published a Key Risk Indicators (KRI) Sound Practice Guidance paper.

Covering the whole of the Key Risk Indicators process from their selection to their use in risk reporting and assessments, this is the fourth in the Institute’s series of sound practice papers designed to provide practical guidance on the implementation of techniques necessary to support a robust operational risk management framework.

Edward Sankey, chairman of the council of IOR, says, “Reporting with KRIs is the operational risk activity that is most evident to directors and business management. The impact of operational risk management depends on accurately directing management attention to the issues of the day.

“This sound practice paper drives home the key link between risk reporting on the one hand and governance and monitoring risk tolerance on the other, It provides senior managers and risk practitioners with practical guidelines on developing and using KRIs.”

IOR’s paper outlines the sound practices in relation to the use of risk indicators to support the management of operational risk. But whilst risk indicators are acknowledged as a valuable tool, the guidance paper warns against over reliance on a metric driven traffic light mentality at the expense of good management judgement. The use of fixed lists or optimum indicators is also advised against as KRIs will vary both by organisations and over time and, in addition, need to be updated on an ongoing basis.

Selecting the best indicators – those that are relevant, easy to use and predictive – is crucial as any piece of data could conceivably be viewed as a metric. The paper provides guidance on establishing the specific characteristics and how to select the optimum indicators.

Implementing a set of indicators is only part of the solution the paper advises. Guidelines also need to be established on how to interpret the indicators, the actions that are required and the thresholds/limits for selected indicators.

The paper also recommends exception based reporting to avoid overloading managers with too much information so that they cannot make effective decisions. The focus should only be on those indicators that require attention.

Simon Ashby a member of IOR’s Council adds: “Risk indicators are an invaluable tool, but can be misunderstood. A poorly designed or implemented risk indicator framework can be worse than having nothing at all. Our new KRI guidance sheds further light on current sound practices in the area.

“The production of guidance on the effective design and use of key risk indicators is an area that has been largely overlooked by regulators, academics and other professional associations. Therefore, it presented a key area where the IOR could add value and fulfil a key element of its mission – to develop the discipline of operational risk.

The guidance was produced by risk management professionals with practical experience in the selection and use of risk indicators.

In addition to the practice guidance the paper also includes appendices that provide examples of potential report formats and a number of potential risk indicators. The paper is available, free of charge, from the Institute’s website at www.ior-institute.org

Share Story: